Once you do a recon (aka: infrastructure-hacking) against a target-network or organization, you'll come across a list of open ports. Sometimes juicy ports, that allows you to access information directly, thanks to hipstersoft like mongo, redis, elasticsearch or manipulate services via management-access like JMX-Consoles.
We provide a list of juicy ports of what we came across during our infrastructure - assessments and might be more than interesting for others.
Long Story Short: if you are an company/org that exposes these ports to the internets -> shut them down, thats what firewalls are for. if you are a pentester, probably jackpot.
- Warning: open port/service might grant unauthorized access to information
- Critical: open port/service allows unauthorized access to information, disrupt services or allows compromise of services
Fragen? Kontakt: firstname.lastname@example.org